Threat actors have been discovered to be using cracked versions of Microsoft Office to distribute a dangerous malware cocktail through illegal torrents.

Detected by the AhnLab Security Intelligence Center (ASEC), this malware campaign bundles together a collection of powerful malware strains – such as malware downloaders, cryptocurrency miners, and remote access trojans – to unleash a devastating attack. The malware is disguised as a cracked Microsoft Office installer, which would usually allow users to illegally download paid applications for free. However, those downloading this ‘cracked’ software are getting much more than they bargained for.

The Dangers of Malicious Torrents

Torrent sites, the use of which is generally illegal, have a long history of containing malware due to the unregulated nature of these sites. However, the promise of expensive software for nothing more than a few clicks is highly tempting to many internet users. Therefore, risks are taken and, occasionally, the consequences can be severe.

In this most recent example, torrents for Microsoft Office – as well as torrents for Windows and the Hangul word processor – are using professionally crafted interfaces to pass themselves off as legitimate software cracks. But despite the numerous options available, to apparently assist the user, these cracks have a nasty sting in their tail. Once the installer has been executed, a background process launches a hidden piece of malware which communicates with either a Mastodon or Telegram channel to download further malware.

This malware is downloaded from a URL linked to either GitHub and Google Drive, two platforms which are both legitimate and unlikely to ring any alarm bells. Unfortunately, there’s plenty to be alarmed about. A series of dangerous malware types are downloaded to the user’s computer, and these include Orcus Rat, 3Proxy, XMRig, and PureCrypter. These all combine to harvest data, convert PCs into proxy servers, download further malware, and use PC resources to mine cryptocurrency.

All of these malware strains run in the background, but even if they’re detected, removing them has little impact. This is because an ‘updater’ component of the malware is registered in the Windows Task Scheduler and, if the malware strains have been removed, they are re-downloaded on the next system reboot. This makes it a persistent threat, and one which is difficult to fully remove from your system.

Shield Yourself: Avoiding Harmful Torrents

Clearly, it’s crucial you need to protect your business from malicious torrents, but how do you do this? Well, it’s relatively simple if you implement the following strategies:

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


In today’s digital age, data is everywhere, and businesses are generating more of it than ever before. Therefore, it’s crucial you know how to handle it.

Businesses collect large volumes of data every day, and it’s this data which can be used to develop insights and analyze business operations. For a small business, however, the sheer magnitude of the data involved can be overwhelming. But it doesn’t have to be like this. Instead, you can manage big data simply and effectively, an approach which will help boost your efficiency and competitiveness. And Ophtek is here to show you how.

Demystifying Big Data

Big data encompasses all the data your business logs, processes and handles through the course of its daily operations. So, for example, sales records, customer details, social media interactions, and quotations can all be considered part of big data. The three main aspects of big data include the amount of data generated, the speed at which this is produced and processed, and all the different types of data which comprise your unique collection of big data.

How Can Big Data Help Small Businesses?

The main impact of harvesting big data is that it allows you to uncover patterns and trends within your business activities. In the past, this data would likely have been kept of paper records, and analyzing this would have been a painstaking process. Luckily, advances in technology mean this data can now be stored and automatically analyzed with much more ease. By analyzing big data, you can reap the following benefits:

How Should You Use Big Data to Succeed?

If you want to leverage big data to make a noticeable impact on your business, make sure you practice the following:

  • Start with Clear Goals: it’s crucial you identify what you want to achieve with your data. You may, for example, want to improve customer satisfaction, or you could be looking to maximize your sales. Either way, by setting specific goals, you’ll be able to identify what you need from your data.
  • Use Accessible Tools: analyzing big data can be complex, but it doesn’t have to be difficult. By utilizing tools such as Google Analytics, for website data, or HubSpot, for customer experience data, you can easily gain access to almost endless insights relating to your data.
  • Act on Insights: the most important process in analyzing big data is making sure you follow through on the results. These changes won’t implement themselves, it’s down to you and your team to take these insights and put them into action. And always monitor the impact of these changes, this will reveal whether they’re successful or require further tinkering.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


A North Korean hacking group has targeted two South Korean cryptocurrency companies with a new strain of malware dubbed Durian.

The relationship between North and South Korea has always been troubled, and this latest cyber-attack will do little to resolve these tensions. The attack itself uses a previously unseen malware variant known as Durian, which is coded in the Golang programming language. Both attacks occurred in the second half of 2023, with Kaspersky recently announcing them in their Q1 APT trends report.

While you may not run a cryptocurrency firm, or be a target of North Korea, it’s important to understand contemporary threats, so we’re going to look at Durian.

How Does Durian Work?

The exact attack method which Durian uses is currently unknown, but it appears to target software which is exclusively used in South Korea. It’s likely, therefore, that a vulnerability has been discovered, although no specific vulnerability has been identified yet. Regardless of the entry method, what is known is that Durian sets up backdoor functionality. This allows the threat actor to download further files, harvest data and files to external servers, and execute commands on the compromised servers.

Once Durian has a foothold within a target’s system, it starts downloading further malware such as Appleseed and LazyLoad, alongside genuine apps such as Chrome Remote Desktop. This makes Durian a particularly persistent threat and makes it a difficult piece of malware to combat.

It’s believed that the threat actor behind Durian is Kimsuky, a North Korean group who has been active since 2012. Kimsuky has been busy in recent times and appear focused on stealing data on behalf on North Korea. Notably, the usage of LazyLoad indicates that Kimsuky may also be partnering with another North Korean group known as Lazarus. LazyLoad has previously been deployed by Andariel, a splinter group with connections to the Lazarus Group.

Staying One Step Ahead of Durian

A specific fix against Durian hasn’t been announced, but this doesn’t mean your defenses are under immediate threat. Instead, by following the basic principles of cybersecurity, you can keep your IT infrastructure safe:

  • Always Install Updates: it’s suspected Durian is targeting specific software to establish itself on targeted systems, and this indicates that a vulnerability is being exploited with this software. Therefore, this acts as a worthy reminder on the importance of installing updates promptly. These updates can instantly plug security holes and keep your IT systems secure.
  • Be Aware of Spear-Phishing: Kimsuky is known for employing spear-phishing techniques so it’s vital your employees are educated on this threat. Typically, spear-phishing targets specific individuals within a company and attempts to deceive them into providing confidential information or direct access to internal systems.
  • Use Multi-Factor Authentication: if you want to add extra locks to your IT systems, then multi-factor authentication is the way forwards. Password breaches are common, but the use of multi-factor authentication minimizes the risk this poses. After entering a password, a unique code will be sent via SMS or through an authentication app which only the end user will have access to. Without this code, a threat actor will be unable to get any further with your password.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


A new strain of malware, dubbed Cuttlefish, which attempts to hijack your router has been discovered, and it poses a major threat to your data.

The experts at Black Lotus Labs recently discovered a number of routers had been compromised by a previously unseen malware. The security researchers named the malware Cuttlefish, and found it had compromised numerous enterprise-level and small office/home routers. The threat actors are not currently known, but the main impact of Cuttlefish is that it stealthily steals data once it has a foothold. Data breaches, of course, represent a major incident for businesses, so it’s crucial you keep your routers safe.

Decoding the Danger Behind Cuttlefish

The exact attack method behind Cuttlefish is unknown, but it’s been revealed there are similarities between its source code and that of the HiatusRAT malware. Black Lotus Labs believe Cuttlefish may launch its attack either through a zero-day vulnerability or by using good old fashioned brute force hacking methods.

Whatever the nature of its attack, which was first executed in July 2023, Cuttlefish hands control of the compromised router over to a set of threat actors. This is achieved by instructing an infected router to execute a Bash script – a text file containing a set of commands – which sends data to a remote Command & Control (C2) server. The first action taken by the C2 server is to send back the Cuttlefish malware, this is then installed on the compromised router.

From here, Cuttlefish can monitor all traffic passing through the router and any devices connected to it. Cleverly, Cuttlefish is designed to establish a VPN tunnel, which is then used to extract sensitive data, such as login credentials, from the router’s traffic. These attack methods mark Cuttlefish out as a highly stealthy and dangerous strain of malware, one with the ability to expose and misuse confidential data.

Fighting Back Against the Threat of Cuttlefish

As very little of the mechanics behind Cuttlefish are known, it’s difficult to pinpoint a single solution. For now, all the attacks have been focused on routers based in Turkey. But this can quickly change if threat actors behind Cuttlefish decide to start targeting global victims.

While there isn’t, for example, a simple security patch to install, you can still protect your organization’s routers by following these best security practices:

  • Always Install Updates: routers, like all hardware, rely on firmware updated and patches to maintain their security and maximize performance. But not everyone prioritizes installing these updates. And this approach can put your router at risk of being exploited by a vulnerability. Therefore, where possible, automate updates for your routers (and all devices) or manually install updates as soon as possible.
  • Regularly Change Your Router Credentials: it’s vital you regularly change the password associated with your router. Otherwise, you run the risk of allowing external threats to essentially live on your router. And as well as regularly changing your password, it’s important that you generate strong and unique passwords every time.
  • Monitor Network Traffic: unusual activity on your network, such as high-volume traffic to unknown destinations should always be scrutinized. Accordingly, you need to implement specialized software and hardware tools to analyze your network traffic and raise alerts when abnormal traffic patters are detected. This will maintain both the integrity and security of your network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


The impact of the Covid-19 can still be felt, with high numbers of employees continuing to work remotely. But how does this affect your cybersecurity?

The shift towards remote work was essential at the start of the pandemic, and it has now become a permanent aspect of many employees’ lives. However, while it represents a flexible approach to work, which helps achieve a healthy work/life balance, it also comes with challenges in terms of cybersecurity. With employees working from different locations and connecting to your IT infrastructure from different networks, it’s a complex scenario to manage.

Staying Secure in the Remote Work Era

It’s important your organization takes the necessary steps to strengthen their defenses when it comes to remote working practices. Many of these are simple and can be implemented easily. Therefore, you need to make sure you follow these best practices:

  • Avoid Public Wi-Fi: remote working allows your employees to work from anywhere, but this can open them and your servers up to significant risk. In particular, the risk of public Wi-Fi networks – such as those found in coffee shops and public places – should never be underestimated. With little protection in place, these Wi-Fi networks can easily be compromised and risk your organization’s data being harvested. Therefore, your remote employees should be discouraged from using these, instead using secure networks at home.
  • Use Multi-Factor Authentication: For remote workers, extra layers of security are everything when it comes to protecting your networks. And this is why multifactor authentication can be a real game-changer in terms of your security. Furthermore, biometric authentication such as Windows Hello allows your business to enhance its security and prevent unauthorized access.
  • Use Secure Collaboration Tools: You have to think a little differently when working with remote employees, especially when it comes to collaborating. It’s not as simple as having your entire team in the same room, so collaboration software is crucial. However, this needs to be secure. So, make sure you use secure collaboration tools such as Microsoft Teams, Slack, and Basecamp to ensure your communications remain encrypted and safe
  • Monitor Remote Devices: With your remote employees’ devices out of sight, they need to be monitored closely. Endpoint monitoring software allows you to track devices in real time and identify any unusual behaviors. Automatic alerts and notifications can be put in place to ensure you’re aware of any breaches immediately and allows you to take action to neutralize any threats.
  • Employee Training: As ever, the most important aspect of cybersecurity for businesses involves employee training. Accordingly, your remote employees need specific training to make sure they understand the risks of remote work. Strong and unique passwords, for example, have never been more important, and being able to identify phishing attempts is equally crucial when an employee is unable to call on the immediate support of their colleagues.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More